cpe:/a:oneorzero:oneorzero:1.6.3.0 CVE-2006-1501 2006-03-29T19:06:00.000-05:00 2017-07-19T21:30:39.503-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-30T10:19:00.000-05:00 ALLOWS_OTHER_ACCESS BID 17298 SECUNIA 19446 OSVDB 24228 VUPEN ADV-2006-1146 MISC http://osvdb.org/ref/24/24228-oneorzero.txt XF oneorzero-helpdesk-index-sql-injection(25511) SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.